Auth as a Service

User Management

Sessions and SSO

User Organization

Auth as a Service

Auth as a Service

You're starting a new app. Or maybe you already have an app. Either way, it needs logins. And signups. And maybe some other stuff.

That leaves you with a choice. Spend weeks doing it right or hustle through it and risk a half-baked result. Or you could use AuthRocket.

AuthRocket covers all the basics: Logins, Signups, Social Logins, Two-factor Auth, Password Security, and much more. AuthRocket frees you up to focus on your actual app and quickly check the Authentication task off as finished.

Logins Done Right

LoginRocket gives you ready-to-go logins. You can even customize the look and feel to match your app.

And if you want to host your own logins, we make that easy too.

Registration Forms Too

New user registration is just as easy as logins.

If your user doesn't have an account yet, send them to a matching, LoginRocket-hosted signup page.

Social Auth

Users love social login because it's one less password to remember. That's great but it can be quite the headache to implement. Every social platform has their own tweaks to OAuth2, the APIs change, and the profile data is all formatted differently.

AuthRocket handles all of these complexities for you, unifying everything into one simple API and one consistent profile. Each social login provider takes just a few clicks to enable—and zero code.

Custom Domains

By default, hosted logins and signups get a selectable subdomain on loginrocket.com. For a more unified branding experience for your users, add a custom domain like login.yourdomain.com.

"I integrated AuthRocket today and it works really easily. :) Very impressed."

- LUC H.

ManagementUI

Management UI

AuthRocket's management portal covers all the basics and more. Find and manage users, add memberships and permissions, reset passwords, and everything else you'd expect to be able to do. It's all there, and you don't have to code any of it.

Filter and Sort

The management UI includes lots of niceties—the things you might want to add, but never seem to get around to. Filter and sort users by name, last login, or signup date.

Real-time Search

Use real-time search to find users and orgs (groups) by name, email, IDs, and other data.

CSV Export

What happens when someone in marketing needs a list of users? Ever had to open a database connection and write a SQL query? We all know that's not how it's supposed to go.

With AuthRocket you won't even have to be involved. Your friendly marketer can login to AuthRocket directly and export their own CSV, all without interupting your workflow.

Automatic Emails

Every user action in AuthRocket has the option to trigger email messages—to the user or to you.

Want to be notified when a new user signs up? Check.

Want to send a welcome email to new users? Got it.

How about customizing the forgotten password email? Yep—every email can be fully customized (or turned off).

Seamless Logins Between Apps

Using one password to access multiple apps is already great, but what about a true seamless login experience? Jump between apps (or microservices) without having to login again.

The amazing part? It doesn't even take extra code. AuthRocket cleverly handles everything for you—each app just sees a normal login.

User Impersonation

Our API easily allows you to create login sessions for any user. Use it for impersonating a user, building complex authentication flows, or even bridging the gap between multiple authentication sources.

Enforced Logouts

When a user signs out, how do you enforce the end of their session? AuthRocket knows when a session has ended and can guarantee the user has logged out. If your app needs this, we've got you covered.

Universal Logouts

Single signoff is the companion to single signon. Ending a session in AuthRocket ends it everywhere for all of your apps.

"The geniuses over at AuthRocket have taken the time to pour over every technical detail of authentication negotiation and management. This level of expertise embedded in a turnkey solution is a rare gem indeed."

- TIMOTHY B.

User Organization and Security

User Organization and Security

Just because AuthRocket is easy to use doesn't mean you have to sacrifice expected features. AuthRocket provides you with flexible ways to organize users into groups, manage memberships and permissions, and much more.

Groups

AuthRocket's data model is surprisingly flexible. One of the places this is most evident is with what we call Orgs, which are a way to organize or group users.

Orgs are useful for groups, accounts, companies, or just about any other conceivable grouping of users.

Authorization

Each membership for every user can contain permissions information. These work like tags for a blog. Use them for permissions, roles, or even other attributes of membership—basically anything that's meaningful to your app.

Custom Attributes

Users, orgs, and other core record types all allow you to save custom attributes.

Custom attributes aren't an add-on and don't require extra API calls. They make your development easy by saving extra data where it belongs—right with everything else.

Sub-accounts (Environments)

AuthRocket gives you multiple sub-accounts for free (we call them Realms), so you have the option to isolate Production data from Staging. Or Development from QA. Or even App A from App B.

Feature Complete API

Our API covers the entire service, not just core objects like users and memberships. Want to automate configuration of your account (or even provisioning of sub-accounts)? No problem.

Every API is available to all accounts and is fully documented.

API Key Management

Does your app offer an API to your users? AuthRocket has built-in API key management which securely manages your API keys just like all your other authentication data.

API keys can have permissions and be assigned membership in orgs/groups. Rolling API keys (with overlap before the old one expires) is supported too.

Event-driven Architecture

Sometimes you want to know what's happenening with your user data. AuthRocket generates an event for nearly every action in the system (28 event types and growing). Login and signup events are tallied up and included on your app's dashboard.

All events are viewable in the UI, and can also be configured to trigger webhooks back to your apps, making it easy to stay aware of what your users are up to.

Best-practices Security

The security of your user accounts is important. We've covered all the bases—probably a lot more than you'd have time to address yourself.

Multi-factor authentication (via TOTP)

Rate-limiting login attempts

Adjustable password complexity requirements

Encryption of sensitive data at rest

Slow-hashing of passwords

Audit history of login activity

Logs auto-filtered to exclude passwords

and much more.

Zero-touch Passwords

Improve security risk management by never seeing user passwords. In the world of credit cards, it's now a best practice for credit card numbers to go directly to a payment processor and to interact only with a secure token. We've brought the same concept to passwords.

With AuthRocket, it's possible for passwords to never go through your servers. Even if you host your own login and signup forms, use authrocket.js to convert passwords into a signup token which can safely be sent through your server.